IMPORTANT July 2021: Chrome private network access restriction with hot module reloading

• Laravel Mix Version: 6.0.24
• Node Version: 14.16.0
• NPM Version: 6.14.11
• OS: Windows 10 Pro

Description:

Using HMR spits out a deprecation warning from Google Chrome (Google page | Google developer blog ), which sounds like it will ultimately break the functionality to request data from one site (in my example a homestead site “site.test”) to a more private site (in this case the websocket). This picture helped me understand it, I think my situation is the private network -> local device example:

Deprecation warning: [Deprecation] The website requested a subresource from a network that it could only access because of its users' privileged network position. These requests expose non-public devices and servers to the internet, increasing the risk of a cross-site request forgery (CSRF) attack, and/or information leakage. To mitigate these risks, Chrome deprecates requests to non-public subresources when initiated from non-secure contexts, and will start blocking them in Chrome 92 (July 2021). See https://chromestatus.com/feature/5436853517811712 for more details.

Steps To Reproduce:

Have a private network setup like mysite.test and start hmr with the mix watch --hot command. There has to be some kind of request to a subresource, in my case its just the request to any page.